Web privacy notice
Privacy Notice
Last updated: February 2026.
Introduction
Smappee is dedicated to upholding the privacy of its prospective customers, suppliers, business partners, website visitors, and users of Smappee products and services. This commitment aligns with the General Data Protection Regulation 2016/679 (GDPR).
The purpose of this Privacy Notice (“Privacy Notice”) is to inform you about how Smappee NV, acting as controller, and its affiliate or subsidiary companies worldwide (together referred to as “Smappee,” “us,” “our,” or “we”) use your Personal Data, and which rights you have in relation to your Personal Data.
This Privacy Notice does not address the processing of personal data of employees or job applicants in the context of their professional relationship with us. Such processing is addressed by a separate privacy notice.
Our organization and websites thrive in a dynamic and innovative environment. This commitment drives us to continuously enhance our services, ensuring they are tailored to meet our customers’ needs. As part of this evolution, we may introduce new functionalities that involve collecting and processing your personal information in different ways. Hence, this Privacy Notice may be updated in response to changes in our services or applicable legislation. We will inform you of any significant updates to this privacy statement.
Smappee has appointed a Data Protection Officer, notified to the GBA (Gegevensbeschermingsautoriteit Belgium). The DPO can be contacted via dpo@smappee.com.
1. Who we are and what we do
Smappee is a leading innovator in smart energy technology, on a mission to make energy management smarter, more efficient, and sustainable for homes and businesses worldwide. Smappee aims to empower people and companies with real-time insights and control over their energy consumption, helping to create a greener, more sustainable future. Our cutting-edge technology optimizes energy use, integrates renewable energy sources, and enhances electric vehicle charging efficiency.
2. What Personal Data is processed by Smappee?
Smappee may collect and process various types of personal data while conducting our business and delivering our services.
| Categories of data | Source of data | Legal basis | Retention |
| Account creation Personal data is processed to create and manage a user account for access to the Smappee mobile App and Smappee Dashboard, including account authentication, account management, and enabling access to Smappee products and services. | |||
| • Identification and contact data (name, email address, phone number, address); • Account credentials (username, password); • Payment or charging card details (where required for the services used). | Provided directly by the user when creating or managing an account in the Smappee mobile App or Smappee Dashboard. | Execution of an agreement (Article 6(1)(b) GDPR), namely the creation and management of a user account and access to Smappee services. | Account data is retained for the duration of the user account. Upon account deletion, personal data is deleted or anonymized, unless retention is required to comply with legal obligations or to defend against legal claims. |
| Use of the functionalities in Smappee’s mobile App Personal data is processed to provide access to and enable the use of the Smappee mobile App, including monitoring app performance, delivering energy insights, enabling app functionalities, supporting user communication, and ensuring secure and reliable operation of the App. | |||
| • Device and usage data (device type, operating system, app version, usage patterns); | Collected from the user through their interaction with the Smappee mobile App, and from Smappee devices connected to the App. | Execution of an agreement (Article 6(1)(b) GDPR) for providing access to and functionalities of the mobile App; | Personal data is retained for the duration of the user’s account and use of the mobile App. Data may be retained longer where necessary to resolve technical issues, handle disputes, or defend against legal claims. |
| Operation of charging and payment services (CPO, eMSP, split billing) Personal data is processed to enable, manage, and administer electric vehicle charging and related payment services, including user authentication, initiation and termination of charging sessions, metering of energy delivered, billing and split billing, handling payments, and resolving disputes related to charging services. | |||
| • User identification data (such as account ID, charging card or token identifier); • Charging session data (date and time, duration, charging location, charging point ID); • Energy consumption data per charging session (kWh delivered); • Payment and billing data (transaction references, tariffs, invoicing details); • Technical and operational data related to charging sessions. | Collected from the user, the charging infrastructure, charging cards or applications, and systems involved in the operation of charging and payment services. | Execution of an agreement (Article 6(1)(b) GDPR) for the provision of charging and payment services; Legal obligation (Article 6(1)(c) GDPR) where processing is required for accounting or fiscal purposes; Legitimate interest (Article 6(1)(f) GDPR) for fraud prevention, dispute handling, and service security. | Personal data related to charging and payment services is retained for as long as necessary to provide the services and to comply with applicable accounting and legal retention obligations. Data may be retained longer where required to defend against legal claims. |
| Optimization of Smappee’s energy management solutions Personal data is processed to monitor, analyse, and improve the performance, efficiency, reliability, and user experience of Smappee’s energy management solutions, including system optimisation, feature development, and service improvement. | |||
| • Energy consumption data (electricity, gas, water usage, load profiles); • Device and appliance data (connected devices, operational status, energy usage); • Measurement and sensor data; • User configuration and preference data (energy goals, automation rules, schedules); • Pseudonymized analytics data derived from the above. | Collected directly from Smappee devices, sensors, and systems installed at the customer’s premises, and from user inputs via the Smappee app or dashboard. | Legitimate interest (Article 6(1)(f) GDPR), namely improving and optimising the performance, functionality, and reliability of Smappee’s energy management solutions. | Personal data used for optimisation purposes is retained for as long as necessary to achieve these purposes and no longer than the duration of the customer relationship, unless a longer retention is required to defend against legal claims or comply with legal obligations. Where possible, data is aggregated or anonymized at an earlier stage. |
| Operation of Smappee’s “Smartstop” charging stations Smappee processes personal data for the operation and management of our charging stations ‘Smartstop’. This includes facilitating access to charging infrastructure, authenticating users, initiating and terminating charging sessions, monitoring station performance, and ensuring the secure and efficient delivery of charging services. These activities are essential to fulfil contractual obligations and to maintain the reliability and safety of the charging network. | |||
| • User identification data (such as account ID, charging card or token identifier); • Charging session data (date and time, duration, charging location, charging point ID); • Energy consumption data per charging session (kWh delivered); • Payment and billing data (transaction references, tariffs, invoicing details); • Technical and operational data related to charging sessions. | Collected from the user, the charging infrastructure, charging cards or applications, and systems involved in the operation of charging and payment services. | Legitimate interest (Article 6(1)(f) GDPR), namely improving and optimising the performance, functionality, and reliability of Smappee’s energy management solutions. | Personal data related to charging and payment services is retained for as long as necessary to provide the services and to comply with applicable accounting and legal retention obligations. Data may be retained longer where required to defend against legal claims. |
| CCTV at our Smartstops For your own safety, the protection of our property, and the prevention and documentation of vandalism and other criminal acts, Smappee uses video surveillance at our fast-charging stations. This surveillance is indicated by signs at the boundaries of the areas covered by the cameras, by the visible placement of the cameras themselves, and in other clearly recognizable ways when the situation requires it. | |||
| • Video images of individuals present in the monitored area; • Date, time, and location of recordings; • Contextual information visible in the footage (vehicles, movements, incidents). | Automatically collected through CCTV cameras installed at Smappee Smartstop locations. | Legitimate interest (Article 6(1)(f) GDPR), namely ensuring safety, protecting property, and preventing and investigating criminal acts. | CCTV footage is retained for a limited period, not exceeding 30 days, unless the footage is required for the investigation of an incident, a dispute, or legal proceedings. In such cases, the relevant footage is retained for as long as necessary to handle the incident or proceedings. |
| Cookies on our website We may use cookies on our website that fall into one of the four categories listed below. Through our website’s cookie banner, you can manage your preferences for the non-essential cookie categories. The banner also provides an overview of all cookies used, organized by category. More information about cookies on our website can be found in our Cookie Notice. • Necessary cookies – These mandatory cookies are required for the proper functioning of our website. • Preference cookies – These cookies store information related to changes in the way the website behaves or looks, such as your preferred language or the region you are in. • Statistical cookies – These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. • Marketing cookies – These cookies are used to track visitors across websites. | |||
| • Online identifiers (such as cookie identifiers and IP address); • Device and browser information; • Website usage data (such as pages visited, interactions, timestamps); • Preference settings (such as language or region). | Automatically collected from the data subject’s device through cookies and similar technologies when visiting our website. | • Necessary cookies: execution of an agreement / legitimate interest (Article 6(1)(b) or (f) GDPR); • Preference cookies: consent (Article 6(1)(a) GDPR); • Statistical cookies: consent (Article 6(1)(a) GDPR); • Marketing cookies: consent (Article 6(1)(a) GDPR). | Cookies are retained for the duration specified in our Cookie Notice and no longer than necessary for their respective purposes. You can withdraw your consent at any time via the cookie settings, after which non-essential cookies will no longer be used. |
| Support and communication If you contact our customer service, we may process some of your personal data. If you have contacted our customer service, we may also send you a customer satisfaction survey to collect your feedback on the support you received. We do this to continuously improve our customer service. | |||
| • Identification and contact data (name, email address, phone number); • Communication content (messages, emails, call records, support tickets); • Technical and contextual data related to the request (account ID, device or service information, timestamps); • Feedback provided through customer satisfaction surveys. | The data subject and, where applicable, data generated through our support channels (email, phone, app, dashboard). | 1) Execution of an agreement (Article 6(1)(b) GDPR) where the support request relates to the provision of our products or services; 2) Legitimate interest (Article 6(1)(f) GDPR) for handling general inquiries, improving customer support, and conducting customer satisfaction surveys. | Support records and related communications are retained for as long as necessary to provide the support services, and no longer than 2 years thereafter. Where a dispute or claim arises, the relevant data may be retained for the duration of that dispute or claim. |
| Direct marketing We may process your personal data for direct marketing purposes to inform you about our products, services, promotions, or events that may be of interest to you. | |||
| Types of personal data we may process for direct marketing include: • Identification data: such as your name and title • Contact details: including your email address, phone number, and postal address • Interaction history: including your previous purchases, inquiries, or interactions with our services • Marketing preferences: such as your subscription status and communication preferences • Online identifiers and usage data: such as IP address, cookies, and browsing behavior on our website (where applicable and with appropriate consent) | The data subject and, where applicable, data collected through our websites and communication channels. | Consent, or legitimate interest where permitted by applicable law (for example, for certain B2B communications). | Until your consent is withdrawn, or until you object to the processing where direct marketing is based on legitimate interest. |
| Recruitment and job applications When you apply for a job at Smappee, whether in response to a published job opening or through a spontaneous application, we process your personal data for recruitment and selection purposes. | |||
| The personal data we may process in this context includes: • Identification and contact data: such as your name, email address, phone number, and address; | The information you provide during your application. | 1) Execution of an agreement and precontractual steps (Article 6(1)(b) GDPR) for the assessment of your application; 2) Consent (Article 6(1)(a) GDPR) where you agree to be included in our talent pool after rejection. | 1) For the duration of the recruitment process. 2) If the application is unsuccessful, the data is deleted after the recruitment process, unless you have given consent to be included in our talent pool, in which case the data is retained for a maximum period of 2 years. |
| Supplier and vendor management Personal data is processed in the context of managing relationships with suppliers, contractors, and other business partners, including contract negotiation and execution, communication, invoicing, payment processing, and compliance with legal and accounting obligations. | |||
| • Identification and contact data (name, business contact details, function or role); • Professional information (company name, position, correspondence); • Financial and administrative data (bank account details, invoices, payment information); • Contractual data (agreements, orders, delivery and performance information). | Provided directly by the supplier or vendor, or obtained in the context of the contractual relationship. | Execution of an agreement (Article 6(1)(b) GDPR) for managing contractual relationships; Legal obligation (Article 6(1)(c) GDPR) where processing is required for accounting, tax, or other statutory obligations. | Personal data relating to suppliers and vendors is retained for the duration of the contractual relationship and thereafter for as long as required to comply with applicable legal and accounting retention obligations or to defend against legal claims. |
| B2B customer contact and relationship management Personal data is processed in the context of managing contractual and commercial relationships with business customers, including communication with contact persons, account and relationship management, contract negotiation and execution, and coordination of services. | |||
| • Identification and professional contact data (name, business email address, phone number, function or role); • Professional and organisational information (company name, department, correspondence); • Contractual and relationship data (agreements, orders, communications related to the business relationship). | Provided directly by the business customer or its representatives, or obtained in the context of the contractual relationship. | Legitimate interest (Article 6(1)(f) GDPR) in managing and maintaining business relationships with customers; Execution of an agreement (Article 6(1)(b) GDPR) where processing is necessary for the performance of a contract with the business customer. | Personal data of B2B contact persons is retained for the duration of the business relationship and thereafter for as long as necessary to comply with legal obligations or to defend against legal claims. |
| Financial administration and accounting Personal data is processed for financial administration purposes, including accounting, bookkeeping, invoicing, audit, tax compliance, and financial reporting, insofar as required for the lawful operation of Smappee’s business. | |||
| • Identification and contact data (name, business contact details); • Financial and transactional data (invoices, payments, bank account details, transaction references); • Contractual and accounting records related to customers, suppliers, and business partners. | Obtained from customers, suppliers, business partners, and generated in the context of financial and accounting operations. | Legal obligation (Article 6(1)(c) GDPR), namely compliance with accounting, tax, and audit obligations under applicable law. | Personal data processed for financial and accounting purposes is retained for the duration required by applicable accounting and tax legislation. |
| IT security and system logging Personal data is processed to ensure the security, integrity, and proper functioning of Smappee’s IT systems, networks, applications, and infrastructure. This includes monitoring system access, detecting and preventing security incidents, managing vulnerabilities, and investigating potential misuse or breaches. | |||
| • User and account identifiers (such as user IDs or usernames); • Technical log data (IP addresses, login timestamps, access logs, system events); • Device and system information related to security monitoring. | Automatically generated by Smappee’s IT systems, applications, networks, and security tools in the course of system use and operation. | Legitimate interest (Article 6(1)(f) GDPR), namely ensuring network and information security, preventing unauthorised access, and protecting systems and data. | Security logs and related data are retained for a limited period necessary to monitor security, detect incidents, and investigate security events, and no longer than necessary, unless longer retention is required to handle a security incident or to defend against legal claims. |
3. Sharing Personal Data with external parties
This section details the external parties with whom we may share your Personal Data.
| External Party | Purpose |
| Smappee Group Companies | We may share your personal data with any member of our group of companies. This includes our subsidiaries, our ultimate holding company, and all of its subsidiaries, as necessary for the purposes outlined in this Privacy Notice. |
| Business transfers | Your personal data may be transferred during a merger, acquisition, divestiture, joint venture, or similar transaction involving all or part of our business or its assets. In such cases, the receiving entity will inherit all rights and obligations concerning your personal data as outlined in this Privacy Notice. |
| Service providers | We may share your personal data with our service providers for specific purposes, including: • Insurers and professional advisers: This sharing is necessary for obtaining and maintaining insurance coverage, managing risks, seeking professional advice, and handling legal disputes. • Payment processors: We only share information with payment processors to the extent required for processing your payments, issuing refunds, and addressing any complaints or queries related to these transactions. |
| Installation and support partners | We may share your data with our certified installers and support providers to assist with product setup, installation, and after-sales support. These parties operate as independent controllers and will provide their own privacy policies. This means that these partners independently determine the purposes and means of the personal data processing they carry out in the context of their direct relationship with you. |
| Legal Obligations | We may also share your personal data when such disclosure is required to comply with a legal obligation that applies to us. |
Our website uses third-party cookies that are placed by external parties. These cookies may process personal data, such as online identifiers and information about your use of the website. Specifically, this concerns cookies from the following parties, as listed in our cookie list:
- Google (including Google Analytics and advertising services):
  https://policies.google.com/privacy
  https://business.safety.google/privacy/
- Meta (Facebook):
  https://www.facebook.com/privacy/explanation
- LinkedIn:
  https://www.linkedin.com/legal/privacy-policy
- TikTok:
  https://www.tiktok.com/legal/privacy-policy
- VWO (Visual Website Optimizer):
  https://vwo.com/privacy/
- HubSpot:
  https://legal.hubspot.com/privacy-policy
These links direct you to the privacy information of the respective third parties, where you can find further details about the purposes of the processing, the retention periods, and your rights. You may adjust or withdraw your consent to the use of these cookies at any time via the cookie settings on our website.
4. Transfer of Personal Data outside the EEA
To provide our services, it may be necessary to transfer your Personal Data to locations outside the jurisdiction where you initially provided it or from which you are accessing this website, as outlined in this Privacy Notice. This process may involve transferring your data from a location within the European Economic Area (the “EEA”) to one outside the EEA.
Smappee is committed to implementing appropriate safeguards to ensure that your personal information remains protected and secure, in compliance with applicable data protection laws. These safeguards may include an adequacy decision by the EU Commission or the use of standard data protection clauses adopted or approved by the European Commission (“SCC”).
5. How does Smappee technically protect your Personal Data?
Smappee prioritizes high standards of information security when managing our customers’ data. We employ reasonable and appropriate security measures to safeguard your personal information from unauthorized access, disclosure, or destruction. All communication between your Smappee devices and the Smappee cloud is secured using robust encryption protocols. Additionally, we utilize computer safeguards, including firewalls and data encryption, to further protect your data. Access to personal information is granted solely to employees who need it to perform their job responsibilities.
6. What are your rights and how to exercise them?
In accordance with applicable data protection laws, which may include certain exemptions, you are entitled to the following rights:
- to obtain confirmation as to whether or not your personal data is being processed and, where that is the case, the right to obtain further information about such processing as well as the right to obtain a copy of your personal data (or in some cases have your personal data transferred to another controller);
- to obtain the rectification of inaccurate personal data and to have incomplete personal data completed;
- to object to the processing of your personal data (especially any processing for direct marketing purposes) if the processing was based on legitimate interests;
- to withdraw your consent if the processing was based on your consent (please note this will not affect the lawfulness of the processing that occurred before the withdrawal of consent);
- to obtain the erasure of personal data that is not/no longer lawfully processed; and
- to put the processing of personal data on hold (‘restriction’) in certain cases (e.g. while we are assessing whether we should indeed rectify or stop processing your personal data).
To exercise any of these rights, please submit your request by emailing dpo@smappee.com. We may be unable to fulfil your request if we cannot verify your identity within our datasets. If we determine that we are not legally obligated to comply with your request, we will provide an explanation in our response.
If you believe that your request has been unfairly denied, you have the right to file a complaint with the relevant data protection authority. This can be done in the EU member state where you reside, where you work, or where the alleged infringement occurred. The contact details of all Supervisory Authorities in Europe can be found on the following website: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Contact details of the Belgian Data Protection Authority are:
Gegevensbeschermingsautoriteit
Drukpersstraat 35
1000 Brussel
contact@apd-gba.be
Smappee NV, Evolis 100, 8500 Kortrijk, Belgium
Effective Date: 25-05-2018
© 2013-2026 Smappee NV. All rights reserved.
All product names are trademarks of their respective companies.